Jersey Data Protection Authority Meeting
MINUTES
|
09:00 – 12:30 20 January 2020 Jersey Office of the Information Commissioner Offices [JOIC]
|
|
Chairman Present: Jacob Kohnstamm |
|
Voting Members Present: Gailina Liew David Smith Paul Routier MBE Helen Hatton |
|
Apologies Clarisse Girot |
|
Non- Voting Members Present: Dr Jay Fedorak – Information Commissioner |
|
In Attendance: Paul Vane - Deputy Data Protection Commissioner Anne King - Communications and Operations Manager [& Note taker] |
|
Guest Speaker: Tony Moretta Digital Jersey Collaboration between Digital Jersey & JOIC - a digital sandbox to facilitate the development of new technologies for processing personal data safely and securely |
|
|
Item |
Action |
|
1.0 |
Call to order and approval of the agenda |
Agenda approved |
|
|
Authority approved minutes; · 2 December 2019 |
Minutes approved. |
|
2.0 |
Authority Governance, Operations and Procedures |
|
|
2.1 |
Payment of Authority Members Members confirmed that they had received payment. |
|
|
2.2 |
Preparation of Accounts and Appointment of Auditors 2018/19 JOIC to meet with Jersey Treasury to further discuss the preparation of accounts for the auditors. JOIC will implement a tender process for the appointment of the auditors and provide the successful proponent with the accounts at the end of February.
JOIC is ensuring that the Comptroller and Auditor General remains current on developments. |
JOIC to commence tendering process during first quarter of 2020 to appoint a local accountancy service. |
|
2.3 |
JOIC Independence The Authority discussed the evolutions of JOIC’s independence from the Government of Jersey. JOIC is developing the necessary internal systems including setting up independent payroll. |
|
|
3.0 |
Revenue Model Implementation Update |
|
|
|
The Deputy Commissioner briefed the Authority as to the progress of implementing the new model. The Authority discussed the projections for the numbers of registrations for 2020. |
|
|
4.0 |
Public Statement
The Authority considered the appropriate criteria for determining whether to issue a public statement and how they applied in a particular case.
The threshold in the Data Protection Authority Law for warranting a public statement includes: the gravity of the contravention and whether publication would be in the public interest.
The Authority agreed that a key consideration in determining whether publication would be in the public interest should be whether disclosure of information is necessary to hold the JDPA to account for the findings of its investigation
The Authority reviewed the facts of the case, including mitigating circumstances, and decided that it was in the public interest to issue a statement that named the data controller involved. It also decided that the circumstances of the case did not warrant a fine to be issued.
The Authority decided that the statement and accompanying press release should describe the incident including the nature of the contraventions and the personal data involved.
|
Commissioner to formulate a statement and media release for Authority approval. Commissioner to be spokesperson
|
|
4.1 |
Business Plan The Authority reviewed and approved the Business Plan with minor amends. |
Business Plan approved. |
|
5.0 |
JOIC Update – Commissioner |
|
|
5.1 |
Performance Statistics /Case Data The number of cases in Quarter 4 2019 decreased compared to the previous quarters. |
|
|
5.2 |
Case Study Review
The Deputy Commissioner provided brief summaries of two anonymised cases for the information of the Board. There was a complaint about an unregistered taxi company installing CCTV in vehicles. The result was that the company registered and agreed to abide by JOIC guidance on CCTV usage.
A public authority received a subject access request from a temporary employee, who was unknowingly subject to a police investigation. When the employee complained about the response that they received, because they believed that they had not received all of the information, JOIC confirmed that the public authority had correctly applied the law.
|
|
|
5.3 |
Financial Performance Authority requested a budget 2020 & 2019 comparison paper. |
|
|
5.4 |
Staffing Update The Deputy Commissioner advised that a long serving member of the office is due to retire this first quarter. Recruitment in underway for a replacement role. The Authority wished to record their thanks and best wishes to the long serving employee due to retire. JOIC is also considering adding to the casework and communications teams in 2020. The Deputy Commissioner highlighted the operational and financial benefit of the current approach to securing legal advisory services. |
Appoint an Operations Assistant |
|
5.5 |
Issues of the Day The Deputy Commissioner updated the Authority as to the issues covering conferences, developments and accomplishments. |
|
|
5.6 |
Enforcement Strategy First draft is nearing completion. |
JOIC to circulate a completed draft of the strategy via email for approval. |
|
6.0 |
Any other business The Authority discussed the proper approach to managing the JDPA Risk Register.
The Authority established the following subcommittees: 1. Remuneration Committee (to meet annually) a. Paul Routier b. Jacob Kohnstamm c. Finance Manager 2. Governance Committee a. Jacob Kohnstamm b. Gailina Liew c. Information Commissioner 3. Audit & Risk Committee a. Helen Hatton b. Gailina Liew c. Information Commissioner d. Deputy Information Commissioner e. Finance Manager
The Authority agreed to include updates from the Subcommittees in the agenda for future Authority meetings.‘ |
|
|
7.0 |
Authority ‘In Camera’ Session The Authority held a discussion in the absence of the Information Commissioner and staff. |
|
Guest Speaker
Tony Moretta Digital Jersey
Collaboration between Digital Jersey & JOIC - a digital sandbox to facilitate the development of new technologies for processing personal data safely and securely
